Release Notes for
Cisco Configuration Professional Express 1.0
May 19, 2008
These release notes support Cisco Configuration Professional Express (Cisco CP Express) 1.0. They
should be used with the documents listed in the “Related Documentation” section on page 15 and in
particular, the Release Notes for Cisco Configuration Prefessional.
These release notes are updated as needed. To ensure that you have the latest version of these release
notes, go to http://www.cisco.com/go/ciscocp. In the Support box, click General Information > ReleaseNotes. Then, find the latest release notes for your release.
Contents
Introduction
This document contains the following sections:
• Introduction, page 1
• System Requirements, page 2
• Installation Notes, page 8
• Limitations and Restrictions, page 9
• Important Notes, page 9
• Caveats, page 12
• Related Documentation, page 15
Cisco CP Express is a graphical configuration tool that enables a user to configure a LAN and WAN
connection, make security settings to protect the router, and, configure a basic firewall, and Network
Address Translation. Cisco CP Express is installed in Flash memory on routers shipped with Cisco
Configuration Professional (Cisco CP).
Americas Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
To determine the release of Cisco IOS software currently running on your Cisco router, log in to the
router and enter the show version EXEC command. The following sample output from the show version
command indicates the Cisco IOS release on the second output line:
Router> showversion
c3845-1#show version
Cisco IOS Software, 3800 Software (C3845-ADVENTERPRISEK9-M), Version 12.4(11)XW2, RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Tue 03-Jul-07 00:49 by prod_rel_team
Memory Requirements
Table 3 shows how much memory is required to support Cisco CP Express and related applications.
Release Notes for Cisco Configuration Professional Express 1.0
6
• 12.5(1)M
OL-16652-01
Page 7
Table 3Cisco CP Express File List
FilenameSizeDescription
cpexpress.tar2.17 MB
2,281,472 bytes
home.shtml1.01 KB
(1,038 bytes)
home.tar110 KBCisco CP Express support file
cpconfig-modelnum.
2.82 to 3.33 KBDefault Configuration File
For example:
cpconfig-180x.cfg
securedesktop-ios-3.1.1.45k9.pkg
1.61 MB
(1,697, 952 bytes)
sslclient-win-1.1.4.176.pkg406 KB
(415,956 bytes)
wlanui.tar2.13 MB
(2, 242, 560 bytes)
128MB.sdf515 KB
(527, 849 bytes)
256MB.sdf775 KB
(793, 739 bytes
Cisco CP Express application file
Cisco CP Express support file
Cisco Secure Desktop client software for SSL VPN
clients.
Full tunnel client software for SSL VPN clients
Wireless Application
Signature Definition File (SDF) used by Cisco IOS
IPS
Signature Definition File (SDF) used by Cisco IOS
IPS
System Requirements
Cisco CP Ordering Options
Cisco CP Express is shipped with every ordering option under which Cisco CP can be ordered. Tab le 4
on page 7 describes the Cisco CP ordering option. Ordering options are also referred to as SKUs.
Table 4Cisco CP Ordering Options
Ordering Option (SKU)Description
CCP-CDCisco CP: Shipped on CD
CCP-CD-NOCF Cisco CP: Shipped on CD
Cisco CP Express: Shipped in router flash memory
SSL Signature File: Shipped in router flash memory
Default Configuration File: Shipped in router flash memory and in NVRAM
Cisco CP Express: Shipped in router flash memory
SSL Signature File: Shipped in router flash memory
Default Configuration File: Shipped in router flash memory.
NoteThis ordering option does not provide the default configuration file
for Cisco 800 series routers.
OL-16652-01
Release Notes for Cisco Configuration Professional Express 1.0
7
Page 8
Installation Notes
Table 4Cisco CP Ordering Options
Ordering Option (SKU)Description
CCP-EXPRESSCisco CP: Not shipped
Cisco CP Express: Shipped in router flash memory
SSL Signature File: Shipped in router flash memory
Default Configuration File: Shipped in router flash memory and in NVRAM
CCP-EXPRESS-NOCF Cisco CP: Not shipped
Cisco CP Express: Shipped in router flash memory
SSL Signature File: Shipped in router flash memory
Default Configuration File: Shipped in router flash memory.
NoteThis ordering option does not provide the default configuration file
for Cisco 800 series routers.
Installation Notes
This section contains important information regarding installation of Cisco CP Express.
Downloading Cisco CP Express From Cisco.com and Installing It On the Router
If Cisco CP Express is not currently installed on the router, and you want to install it, complete the
following steps:
Step 1Go to http://www.cisco.com/go/ciscocp, andclick DownloadSoftware in the Support box.
Step 2If a login page appears, enter your login credentials. In the Software Download page, click Cisco
Configuration Professional.
Step 3In the next download page that appears, click the release number that you want to download.
Step 4Click on the Cisco Configuration Professional package link. The zip file contains the Cisco CP, and
Cisco CP Express installation files.
Uninstalling Cisco CP Express Files
If you want to remove Cisco CP Express from flash memory or from a router disk file system, you can
do so by logging onto the router and completing the following steps in EXEC mode:
Step 1Change to the directory in which the Cisco CP Express files are located.
If the router has a flash file system, use the following command:
router# cd flash:
Release Notes for Cisco Configuration Professional Express 1.0
8
OL-16652-01
Page 9
Limitations and Restrictions
If the router has a disk file system, use the following command:
router# cd diskN
Replace N with the actual number of the disk. Use the slot keyword instead of the disk keyword if
necessary.
Step 2Use the delete command to remove the Cisco CP Express files. The example below deletes the file
Step 3Use the delete command to remove the remaining Cisco CP Express files.
Step 4Reclaim memory space by using the squeeze flash: command:
router# squeeze flash:
It is not necessary to use the squeeze flash: command on DOS-based file systems.
Limitations and Restrictions
This section describes the following restrictions and limitations that may apply to Cisco CP Express:
• Cisco CP Express Does Not Support Cisco 7000 Series Routers, page 9
Cisco CP Express Does Not Support Cisco 7000 Series Routers
Cisco CP Express does not support the Cisco 7204VXR, Cisco 7206VXR, and Cisco 7301 Routers and
is not shipped with those routers.
Important Notes
This section contains important information for Cisco CP Express. It contains the following sections:
• Cisco IOS Enforces One-Time Use of Default Credentials
• Cisco CP Express May Not Operate with Custom Configuration File
• Popup Blockers Disable Cisco CP Express Online Help
• Disable Proxy Settings
• Security Alert Dialog May Remain After Cisco CP Express Launches
Cisco IOS Enforces One-Time Use of Default Credentials
To address CSCsm25466,Cisco IOS images included with recent shipments of Cisco 800, Cisco 1800,
Cisco 2800, and Cisco 3800 routers, enforce the one-time use of the default username and password
provided in the default configuration file shipped with Cisco CP Express and Cisco CP. If you bypass
OL-16652-01
Release Notes for Cisco Configuration Professional Express 1.0
9
Page 10
Important Notes
NoteIf you login to the router using a Telnet or a console connection but do not complete the steps in this
Cisco CP Express and use a console or Telnet connection to log into the router, the login and exec
banners warn you that you must change the username “cisco” and password “cisco” before you log off
of the router. If you do not change the credentials as directed, you will not be able to log on to the router
the next time that you attempt to do so.
The following Cisco IOS releases enforce the one-time use of the default credentials:
• 12.4(11)T or later
• 12.4(11)SW, 12.4(11)SW1, 12.4(11)XV, 12.4(11)XJ
• 12.4(9)T5, 12.4(9)T6
• 12.3(21), 12.3(22)
Follow the procedure in this section to secure the router by creating a new username and password, to
remove the login banner and exec banner warnings, and to save the configuration changes to the router
startup configuration.
procedure, be aware of the following:
• If you do not change the default username and password, and then log off the router, you will not be
able to log into the router again without entering the reload command. No additional warning is
given before you log off.
• If you do not change the default username and password, but do enter the write memory command
before ending the session, future logins will be disabled. In this case, you will need to follow the
password recovery procedure at the following link:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00801746e6.sht
ml
To secure the router, remove the banner warnings and save the changes to the router startup config,
complete the following steps:
Step 1Connect the light blue console cable, included with your router, from the blue console port on your router
to a serial port on your PC. Refer to your router’s hardware installation guide for instructions.
Step 2Connect the power supply to your router, plug the power supply into a power outlet, and turn on your
router. Refer to your router’s quick start guide for instructions.
Step 3Use HyperTerminal or a similar terminal emulation program on your PC, with the terminal emulation
settings of 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control, to connect to your router.
Step 4When prompted, enter the username cisco, and password cisco.
Step 5Enter configuration mode by entering the following command:
yourname# configureterminal
Step 6Create a new username and password by entering the following command:
Replace username and password with the username and password that you want to use.
Step 7Remove the default username and password by entering the following command:
yourname(config)# nousernamecisco
Release Notes for Cisco Configuration Professional Express 1.0
10
OL-16652-01
Page 11
Important Notes
Step 8To remove the login banner, enter the following command:
yourname(config)# no banner login
The login banner warning will no longer appear.
Step 9To remove the exec banner, enter the following command:
yourname(config)# no banner exec
The exec banner warning will no longer appear.
Step 10Leave configuration mode, by entering the following command:
yourname(config)# end
Step 11Copy the configuration changes to the startup configuration by entering the following command:
yourname# copyrunning-configstartup-config
When logging into the router in the future, use the username and password that you created in Step 6.
Cisco CP Express May Not Operate with Custom Configuration File
If you load a custom configuration file on the router usingCisco CP Express or any other process, you
may remove Command Line Interface (CLI) commands that Cisco CP Express operation requires and
prevent it from operating. Cisco CP requires the following basic configuration in order to connect to the
router and manage it.
• An http or https server must be enabled with local authentication.
• A local user account with privilege level 15 and accompanying password must be configured.
• Vty line with protocol ssh/telnet must be enabled with local authentication. This is needed for
interactive commands.
• An http timeout policy must be configured with the parameters shown in the following example to
avoid a known launch issue with Cisco CP Express.
• The PC on which Cisco CP Express is to run and the interface through which Cisco CP Express will
be launched must be configured with IP addresses from the same subnet.
The following example shows a configuration that contains the CLI commands Cisco CP Express
requires in order to operate.
!
ip domain-name yourdomain.com
!
interface FastEthernet0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-10/100 Ethernet$
ip address 10.10.10.1 255.255.255.248
description PC must be on the same subnet as this interface
no shutdown
!
ip http server
ip http secure-server
OL-16652-01
Release Notes for Cisco Configuration Professional Express 1.0
11
Page 12
Caveats
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
line vty 0 4
privilege level 15
login local
transport input telnet
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet
transport input telnet ssh
Popup Blockers Disable Cisco CP Express Online Help
If you have enabled popup blockers in the browser you use to run Cisco CP Express, online help will not
appear when you click the help button. To prevent this from happening, you must disable the popup
blocker when you run Cisco CP Express. Popup blockers may be enabled in search engine toolbars, or
may be standalone applications integrated with the web browser.
Microsoft Windows XP with Service Pack 2 blocks popups by default. In order to turn off popup
blocking in Internet Explorer, go to Tool s > Pop-up Blocker > Turn Off Pop-up Blocker.
If you have not installed and enabled third-party pop up blockers, go to Tool s >Internet Options > Privacy, and uncheck the Block popups checkbox.
In Firefox 1.5 and later versions, click Too ls > Options > Content. Uncheck Block pop-up windows.
Disable Proxy Settings
Cisco CP Express will not start when run under Internet Explorer with proxy settings enabled. To correct
this problem, choose Internet Options from the Tools menu, click the Connections tab, and then click
the LAN settings button. In the LAN Settings window, disable the proxy settings.
Security Alert Dialog May Remain After Cisco CP Express Launches
When Cisco CP Express is launched using HTTPS, a security alert dialog box that informs you of
possible security problems and asks you if you want to proceed with program launch may appear. This
can happen if the router does not have the following global configuration command in the running
configuration:
ip http timeout-policy idle 600 life 86400 requests 10000
Caveats
Caveats describe unexpected behavior in Cisco CP Express. Severity 1 caveats are the most serious
caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three
severity levels.
Release Notes for Cisco Configuration Professional Express 1.0
12
OL-16652-01
Page 13
Open Caveats—Cisco CP Express 1.0
This section lists caveats that are open in Cisco CP Express 1.0.
• CSCsq31188
Cisco CP Express cannot be installed using a PC running Microsoft Windows XP with Service Pack
(SP) 3.
Workaround: Cisco CP Express can be installed using a PC running Microsoft Windows XP with
SP2, and Microsoft Windows Vista.
• CSCsk51555
This caveat is caused by Cisco IOS caveat CSCsl42697. When configuring a radio interface using
the Cisco CP Wireless application, QoS access commands such as max-contention and
min-contention window settings are not delivered to the router.
• CSCsk78581
When Cisco CP Express is invoked using HTTPS on a router running Cisco IOS version 12.4(17),
the router crashes.
Workaround: Invoke Cisco CP Express using HTTP, as in the following example:
http://10.10.10.1
Caveats
• CSCsd33430
Cisco CP Express browser windows do not close if the Secure Device Provisioning application is
launched from Cisco CP Express. If you choose Secure Device Provision in the Router Provisioning
screen, the SDP application is launched after you complete the Cisco CP Express wizard and deliver
the commands to the router. After the commands are delivered, Cisco CP Express closes, but the two
browser windows associated with Cisco CP Express do not close automatically. This behavior has
been observed in all browsers.
Workaround: Close these windows manually. However, note that closing these windows manually
also closes the Cisco CP Express application. Therefore, do not close these windows until you have
completed configuring the router using the SDP application.
• CSCej01054
The SDM_HIGH security policy may not block Instant Messaging (IM) applications. The
application security feature blocks IM applications using the server deny name command. New
servers may become available, and if they do, IM applications may connect to them.
Workaround: Complete the following steps:
–
Turn on firewall logging for IM applications. The names of the servers that the IM applications
connect to will be revealed in the log.
–
Use the CLI to block the new servers. The following example uses the server
newserver.yahoo.com:
router# config t
router(config)# appfw policy-name SDM_HIGH
router(cfg-appfw-policy)# application im yahoo
router(cfg-appfw-policy-ymsgr)# server deny name newserver.yahoo.com
router(cfg-appfw-policy-ymsgr)# end
router#
OL-16652-01
Release Notes for Cisco Configuration Professional Express 1.0
13
Page 14
Caveats
Note• IM applications are able to communicate over nonnative protocol ports, such as HTTP, and through
their native TCP and UDP ports. Cisco CP configures block and permit actions based on the native
port for the application, and always blocks communication conducted over HTTP ports.
• Some IM applications, such as MSN Messenger 7.0, use HTTP ports by default. To permit these
applications, configure the IM application to use its native port.
• CSCef53222
Cisco CP Express filenames are case sensitive. If the Cisco CP Express files are copied from the PC
hard disk to a flash card, File Explorer changes the names to uppercase. When this happens,
Cisco CP Express cannot be invoked from this flash card.
Workaround: Before removing the flash card from the PC, restore the filenames to lowercase.
• CSCec31789
When you update Cisco CP Express, if any of the uploaded files shows a size of zero bytes when
show flash is invoked, no operations such as copy or delete can be performed on flash memory. This
problem rarely occurs.
Workaround: Restart the router to be able to perform operations on flash memory. If files of zero
bytes are shown in a show flash display, restart the router before starting Cisco CP Express.
• CSCea89054
If you delete a WAN connection that you created, an ip nat inside command may still remain in a
LAN interface configuration.
Workaround: To delete the ip nat inside command from the LAN interface configuration, go t o
Edit Interfaces and Connections, choose the LAN interface, click Edit, and delete the association in
the Association tab.
• CSCin48956
When the router is configured to use PPPoE, users may not be able to download a file using FTP or
display web pages from Internet hosts that they are able to ping or access using telnet. This can
happen if Cisco CP Express is being used on a router with interfaces that Cisco CP Express does not
support, such as Token Ring or VLAN interfaces. Cisco CP Express does not deliver the command
ip tcp adjust-mss 1452 to unsupported interfaces.
Workaround: Use the CLI to add the ip tcp adjust-mss 1452 command to the VLAN or Token Ring
interface configuration. Use Telnet to access the router and enter the following command in VLAN
or Token Ring interface configuration mode:
Router# ip tcp adjust-mss 1452
• CSCeh06870
The Cisco CP Express Update from PC feature will not operate when the CCP-Vnn.zip file is placed
in a shared folder with read-only access.
Workaround: Do not place the CCP-Vnn.zip file in a folder with read-only access.
• CSCsl67834
In Edit mode, Cisco CP Express displays an exception in the Java console after the user changes the
default factory username and password when launched with JRE plug-in versions
1.6.0,1.6.0_01,1.6.0_02,1.6.0_03,1.6.0_04 and 1.6.0_05. An IO exception popup screen is
displayed as well.
Release Notes for Cisco Configuration Professional Express 1.0
14
OL-16652-01
Page 15
Related Documentation
Workaround: Relaunch the application with new username and password or use JRE plug-in
version 1.5.0,1.5.0_10 or 1.5.0_11.
• CSCsm00417
When Cisco CP Express is run in Edit mode, the Cisco IOS image name may not display completely
in the Cisco CP Express home page or in the Router Hardware/Software Details screen.
• CSCsm48131
When installing Cisco CP Express, if you cancel setup and then immediately click setup.exe again,
the setup program displays a message that says a previous instance of the setup program is already
running.
Workaround: Wait for 15 to 20 seconds before attempting setup again.
• CSCsm92278
When using the Reset To Factory Defaults Cisco CP Express feature on a router equipped with an
Access Point (AP) module, the factory default configuration is restored to the router, but no change
is made to the AP module configuration.
Workaround: You must manually reboot the Access Point.
• CSCsm92310
On a router with an installed AP module, if Authentication, Authorization, and Accounting (AAA)
is enabled on both the router and the installed AP module, Cisco CP Express will require you to
enter login credentials twice: once for the router, and once for the AP module.
Workaround: Enter the router login credentials first, and then enter the AP login credentials.
Related Documentation
This section lists other documents with information on Cisco CP Express.
• Platform-Specific Documents—See the quick start guide for the router, available on
http://www.cisco.com, to learn how to set up the router hardware connections.
• Software Documents—These documents are available on http://www.cisco.com/go/ciscocp.
NoteFor information on obtaining documentation and technical assistance, product security, and additional
information, see What's New, which also lists new and revised documents each month.
This document is to be used in conjunction with the documents listed in the “Related Documentation” section.
CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is
a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco
Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,
Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS,
iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers,
Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient,
and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (0711R)